[TriLUG] [Trilug-ontopic] best way(s) to get static IP# @home with DHCP ISP?

Kevin Otte nivex at nivex.net
Tue Aug 26 14:52:47 EDT 2014


You'd think with the OMB mandate for IPv6, the feds would be the first
online, but I digress.

Yes, you could stand up a Linode, VPN to that, and then VPN through that
to the federal agency.

Here's a good starting point on docs:
https://www.linode.com/docs/networking/vpn/secure-communications-with-openvpn-on-ubuntu-12-04-precise-and-debian-7

Once you have the private network to your Linode going, you'd have to
set up a masquerade rule there like you would on a standard home router.
Then you would add a route on your desktop to the fed VPN endpoint over
the Linode VPN.

My referral code, should you decide to go ahead with this slightly
Goldbergian exercise :) 99d28dc7009b403094d0a9104072cb062bf68f32

-- Kevin

On 08/26/2014 02:20 PM, Tom Roche wrote:
> 
> meta-summary: moving discussion to main list from http://www.trilug.org/pipermail/trilug-ontopic/2014-August/000352.html per suggestion.
> 
> summary: I'm a home ISP user who may soon be required to get a static IP#. Please recommend cheap-but-effective ways to do this.
> 
> details:
> 
> I'm a student using data and other computing resources provided by a federal agency in RTP. I'm in the area, but far enough away that travel to/from the site is onerous. Accordingly I have used these assets remotely for almost 2 years: I use an agency-provided SecurID[1] to authenticate to the agency-designated VPN (F5, only available on linux via an ancient 32-bit Firefox plugin) and SSH over the VPN into research clusters.
> 
> The agency also contracts with Computer Sciences Corporation (CSC) for security services. ISTM that, recently, CSC contractors decided that all agency "external partners" (such as myself) should be restricted to remote access from static IP#s. I'm appealing this decision, but suspect I will be steamrolled. (Hopefully without extraordinary rendition[2].)
> 
> So I'd appreciate tips/tricks regarding how (or how not) to acquire one or more static IP#s so as to jointly optimize cost (low) and performance (e.g., high reliability and speed). FWIW
> 
> 1. I'm running debian on my home PCs, only one of which (my main workstation) should need static IP.
> 
> 2. I have an old router=WRT54GL running DD-WRT that I currently use only as a wired switch (for which it is plenty fast) between the FP modem and my PCs.
> 
> 3. My current ISP=FreedomPop, which I've been using for nearly a year. They don't (IIUC) provide static IP. Nevertheless I'd prefer to stay on that provider, since
> 
> 3.1. FP costs less than a third of what TimeWarner/RoadRunner wanted me to pay (on which price-hike announcement I bailed), and I am very price-sensitive.
> 
> 3.2. FP has been reasonably fast (certainly plenty fast to shell into console sessions). I suspect that any third-party static-IP or dynamic-DNS provider I use will degrade the ISP's connection speed: I'm hoping to limit the degradation.
> 
> 3.3. FP has been quite reliable with the VPN. It only tends to drop during major thunderstorms, probably because their network is wireless. (Currently home service is 4G, but apparently will go LTE Real Soon Now; their phone service is already LTE.)
> 
> One suggestion, about which I'd appreciate more detail, is
> 
> Brian McCullough Tue, 26 Aug 2014 12:34:23 -0400 [3]
>> [Nivex] has a cheap Linode machine set up as his "global endpoint."
>> He sets up a VPN connection from [wherever] he is to that, and then
>> from there to the "actual" destination.
> 
>> You [could] use either IPv4 or IPv6 with such a solution.
> 
> IPv4 may be important for my usecase. AFAICS Nameless Federal Agency is gonna be on IPv4 awhile: IIUC/ICBW, they're still running nearly all XP desktops onsite (though a few folks have Scientific Linux supported).
> 
> TIA, Tom Roche <Tom_Roche at pobox.com>
> 
> [1]: https://en.wikipedia.org/wiki/SecurID
> [2]: http://www.therenditionproject.org.uk/global-rendition/the-aircraft/N288KA.html
> [3]: http://www.trilug.org/pipermail/trilug-ontopic/2014-August/000353.html
> 
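The masquerade rule and host route described in the reply above, sketched as an added example (not from the original post or the linked Linode guide). The tunnel subnet, gateway address and interface names are assumptions, and `192.0.2.10` is a placeholder for the agency VPN endpoint. Forwarding is limited to the tunnel subnet, and only the one endpoint is routed through the Linode.

```shell
#!/bin/sh
# Added example: every address and interface name below is an assumption.
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # OpenVPN tunnel subnet (assumed)
VPN_GW="${VPN_GW:-10.8.0.1}"        # Linode's address inside the tunnel (assumed)
WAN_IF="${WAN_IF:-eth0}"            # Linode public interface (assumed)
TUN_IF="${TUN_IF:-tun0}"            # tunnel interface on both ends (assumed)
FED_VPN="${FED_VPN:-192.0.2.10}"    # placeholder for the agency VPN endpoint

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# On the Linode: NAT and forward only traffic that arrives from the tunnel
# subnet, allow replies back in, and drop any other forwarded traffic.
linode_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$TUN_IF" -o "$WAN_IF" -s "$VPN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$TUN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

# On the desktop: a /32 host route sends only the agency endpoint through
# the tunnel, so other traffic keeps using the ISP link directly.
desktop_setup() {
    run ip route add "$FED_VPN/32" via "$VPN_GW" dev "$TUN_IF"
}

case "${1:-}" in
    linode)  linode_setup ;;
    desktop) desktop_setup ;;
    *)       echo "usage: $0 {linode|desktop}  (APPLY=1 to execute)" >&2 ;;
esac
```

Without `APPLY=1` the script only prints the commands, which makes it easy to review them before running anything as root.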


